WSO2 Product Release Webinar: WSO2 Identity Server 5.1
Transcript of WSO2 Product Release Webinar: WSO2 Identity Server 5.1
WSO2 Identity Server 5.1.0
Engage your Line of Business Managers with Workflows
Johann Dilantha Nallathamby
Technical Lead & Product Lead of WSO2 Identity Server
Outline
o What is WSO2 Identity Server
o What’s new with WSO2 Identity Server 5.1.0
o Demo
o Q&A
What is WSO2 Identity Server
o 100% free and open source with commercial support
o Lightweight and high performance
o Highly modular and extensible
o User friendly with minimal learning curve
o Based on open standards
An open source Identity & Entitlement management server
Features Before IS 5.1.0
o Authentication
o Authorization
o Enterprise Single Sign-On
o Federated Single Sign-On
o Delegated Access Control
o Provisioning
o Identity Management and Self Service
Capabilities
Authentication
Authorization
o Role Based
o Permission Based
o Attribute Based
o Policy Based
  o XACML 2.0/3.0
Enterprise Identity Bus
o Decoupling Service Providers and Identity Providers, making them unaware of each other’s existence
o Authentication Bridge
  o Protocol translation
  o Multi-option and multi-step login
  o Home Realm Discovery (HRD)
o Provisioning Bridge
  o Protocol translation
  o Just-In-Time (JIT) provisioning
o Claim transformation
o Role transformation
Open Standards for Enterprise Single Sign-On (Inbound authenticators)
o SAML2 Web SSO
o SAML2 Web Single Sign Out
o SAML2 Basic Attribute Profile
o OpenID Connect
  o Core specification
o WS-Federation
o OpenID 2.0
  o Simple Registration Extension Protocol
  o Attribute Exchange Profile
o Integrated Windows Authentication
Federated Single Sign-On
o Supports pluggable outbound authenticator architecture
o Supports all the same standards of the inbound authentication
o Social Authentication
  o Facebook
  o Google
  o Yahoo
  o Microsoft Live
Delegated Access Control
o OAuth2
  o OAuth2 Authorization Framework - RFC 6749
  o Bearer Token Profile - RFC 6750
  o SAML2 Grant Profile - RFC 7522
  o OAuth2 Token Revocation - RFC 7009
  o NTLM Grant
o WS-Trust 1.3/1.4
Provisioning
o Inbound and Outbound provisioning connectors
  o SCIM 1.1 (Inbound & Outbound)
  o SPML 2.0 (Outbound Only)
  o Google Apps
  o SalesForce
o Non standard user/group management WS APIs for inbound provisioning only
o Non standard role/permission management WS APIs for inbound provisioning only
Identity Management & Self Service Capabilities
o Self sign-up
o Password resets using secret questions
o Password reset using email verification
o Password policies
  o Password strength
  o Minimum length
  o Password retry count
o Account verification with email
o One Time Passwords
o User account locking
What’s New with Identity Server 5.1.0?
Workflows
o Workflows for User/Group management operations
o Can be extended to cover any of your organization’s critical Identity and Access Management needs
o Integrates with WSO2’s own Business Process Server (BPS) out-of-the-box
o Can be extended to integrate with any non WSO2 Business Process Server
Workflows
o Engage multi-option/multi-step workflows, using users or roles.
o Provides templating feature to define your own workflows
o Can be extended to provide customized templates
o Ships by default with the minimal set of business process features required.
o Recommended to deploy a full-blown WSO2 BPS product if going into production with significantly high load and to get all the other goodies that come with it!
Workflows Architecture
[Architecture diagram; component labels: Event Handler, Request Initiator, Callback Handler, Executor Manager, Database, Process Template, Initializer, Executor, Process Template Implementations]
2-Factor Authentication with FIDO
o http://wso2.com/library/webinars/2015/12/fido-universal-second-factor-u2f-for-wso2-identity-server/
Linked Local Accounts
o In IS 5.0.0 we were able to link only federated Identifiers to local accounts
o In IS 5.1.0 you are able to link one or more local accounts together.
o This will let you switch between user accounts without re-login
WSO2 Store for Identity Server Connectors
o Public Store
  o https://store.wso2.com/store/assets/isconnector
o Documentation
  o https://docs.wso2.com/display/ISCONNECTORS/Identity+Server+Authenticators+and+Connectors
Other Improvements
o Redesign of SSO Login page
o Registration is part of the login flow
o Support for multiple Assertion Consumer URLs
o Support for more SAML2 signing algorithms
o IdP-Initiated Single Logout
o SAML1.0 Grant for OAuth2.0
o OpenID Connect support for implicit Grant type
o SCIM Patch operation support
o Dumb mode provisioning with SCIM
Other Improvements
o Multi-tenancy support in AD
o Bulk user import support for all types of user stores
o Search users with attribute values
o Configurable Idle Session Timeout and Remember Me Timeout
o Placeholder support for configuration files such as identity.xml, application-authenticators.xml, sso-idp-config.xml, etc.
o Boasts over 1500 bug fixes and improvements
  o https://wso2.org/jira/issues/?filter=12586
o Documentation updates and fixes
References
o Migrating from IS 5.0.0 to IS 5.1.0
  o https://docs.wso2.com/display/IS510/Upgrading+from+a+Previous+Release
o IS 5.1.0 Documentation
  o https://docs.wso2.com/display/IS510/WSO2+Identity+Server+Documentation
o Identity Server Webinars
  o http://wso2.com/library/webinars/identity-server/
What’s Next?
o Bug fix release in Q1 2016
  o Will include minor improvements
o Big release on C5 in Q3
  o Next generation Carbon platform
  o Microservices engine
  o Native REST/JSON support
  o Container based tenancy model
  o Redesigning user management APIs to support JAAS
o More to come...